This discussion has been locked.

WebAdmin fails after addition of second public IP address

I have had a Sophos UTM running in my home office for some time now with a fixed IP address on the WAN/public side. I recently decided to enable a second ISP supplied dynamic IP to my firewall so that I could host a few more family services.

The setup originally was the following:

WAN1 - Public_1 fixed IP

LAN - internal IP set (192.168.x.x)

All was working fine. I could log on remotely to the user portal and the WebAdmin interface at my Public_1 from anywhere while traveling.

Updated setup:

WAN1 - Public_1 fixed IP (no change)

WAN2 - ISP provided DHCP address

LAN - no change

I can no longer log onto the WebAdmin from any external IP location.

The problem occurred immediately and when I remove the second WAN connection, I still can no longer access the WebAdmin interface.

Any suggestions?



  • Hi,

    I suspect that the Web Admin access port is changed. Are you able to ping the UTM on the static IP? If you are able to SSH to the UTM with root privileges, run the command "/etc/init.d/httpd restart"; this will restart the httpd service, which is responsible for the WebAdmin GUI.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • The problem seems to be a little more complex than that. I had rebooted the system in case any services had stopped.

    From the internal network (192.168.x.x), I am able to access the WebAdmin and all of its functions using the internal IP AND the WAN_1 external IP. So routing within the Sophos region is working. I am also able to access the internet without any problems.

    I can even access my personal server from the internet when I am not on my internal network. It seems only the WebAdmin access from an external source is the problem.

    It has stumped me because I do not recall making any changes to routing that would affect port 4444.


    BTW, I can still access the User Portal ... go figure!

  • Hi,

    Wonderful. If you are able to log in from the internal network, please navigate to Management > Web Admin settings > allowed network. Check whether it's ANY or anything specific! Configure the option to get access to the device from ANY network.

    Hope that helps :)

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • There were no changes made to the Access options and I have just checked the setting again and it has the ANY network in the Allowed Networks setting.

    Does Sophos have any known problems when there is 1-interface with a static IP and a second interface with a dynamic IP mapped with a dynamic DNS service such as No-IP or dynDNS?

    Thanks again for your assistance.


    BTW as I mentioned, I am able to access a configured web server behind the Sophos firewall so that function of the firewall is fine.

  • I would never leave "Any" here or on the 'Shell Access' tab.  Instead, add, for example, the object "NeutralSt8 (User Network)" and then access the UTM via one of the Remote Access capabilities.  When you login to a VPN on the UTM, your User Network object is populated with the IP assigned to you.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    There is no known issue as such, I am pretty sure the issue is somewhere in the configuration.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I am having almost the same problem.

    As soon as I add a second WAN Interface with a default gw, the webadmin is only available through the internal network or the second WAN Interface.

  • I haven't had a chance to re-visit the setup since my last reply.

    I will send you an update when I get a chance to look at it again.

    Good luck on your end.